education.lu
Felix Eckhofer
felix at tribut.de
Mon Jan 19 13:21:18 CET 2015
Hey.
Am 19.01.2015 12:49, schrieb Wolfgang Breyha:
> Postfix doesn't honor 3.1.3 of the latest DANE-SMTP draft then?
It appears not to.
> "...SMTP client treatment of TLSA RRs with certificate usages
> PKIX-TA(0)
> or PKIX-EE(1) is undefined. SMTP clients should generally treat
> such
> TLSA records as unusable."
Note that it says client treatment is undefined. It also says "should",
not "SHOULD".
However, I don't think the connection should fail one way or the other
(the certificate appears to be signed by a proper CA even). See
dane-smtp 2.2.
felix
More information about the dane-users
mailing list